Tuesday, October 17, 2017

Changing the default Apache web directory(document root) on RHEL without disabling SE Linux

Default document root of Apache in RHEL is "/var/www/html". if you have tried changing it to something else like "/web/apps" then you would get 403 forbidden error.
If you google it, I am sure you will find a solution to include /web/apps into <Directory> directive and you will be asked to set +x permissions on /web & /web/apps folder (using chmod 755)
And your Apache vhost will look similar to it

<VirtualHost *:80>
 ServerName  www.example.com
 DocumentRoot /web/apps
  <Directory "/web/apps" >
   Options Indexes FollowSymLinks
   AllowOverride None
   Require all granted

After doing it if you restart Apache and try you will still get "403 forbidden error"

If you further google, you will find out this is because of SE Linux and steps to disable that.
Basically "sudo setenforce 0", and you can call it a day since everything start to work.

However with "sudo setenforce 0" you are disabling the entire SE Linux security. There is a better way to do that and that is what all this Blog is about.
And here you go.

sudo semanage fcontext -a -t httpd_sys_content_t "/web/apps(/.*)?"
sudo restorecon -R -v /web/apps

That's it folks. If you want to see what magic it does, use the special flag -Z with ls

[ec2-user@ip-10-0-0-1 ~]$ ls -Z /var/www
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin

drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html

[ec2-user@ip-10-0-0-1 ~]$ ls -Z /web
drwxrwxr-x. rxds rxds unconfined_u:object_r:httpd_sys_content_t:s0 apps

drwxrwxr-x. rxds rxds unconfined_u:object_r:default_t:s0 another_directory

httpd_sys_content_t is what makes the Apache to server from /web/apps directory

More info at 

Thursday, September 21, 2017

$.get Cross Domain request with withCredentials: true

Even though $.get works for Cross-Domain(As long as CORS enabled), it doesn't send cross domain cookies while making request.

Meaning, let's say you have logged into https://cd-example.org and cookie is all set.
Now you want to make a cross domain request to https://cd-example.org from another domain https://example.org

If you make $.get("https://example-cd.org/someurl/",function(data){console.log(data)})
it won't work, because it doesn't send cd-example.org cookie. You need to use $.ajax with xhrFields: { withCredentials: true}

I just found a trick to workaround this $.get issue. Set {xhrFields: { withCredentials: true}} in $.ajaxSetup, which automatically gets attached to $.get and everything works magically.

So first
$.ajaxSetup({xhrFields: { withCredentials: true} })
and then make

Wednesday, June 21, 2017

Connecting to Redshift from KDB+ (Using Babel)

If you want to connect to Oracle from KDB+ refer to my "Connecting to Oracle from KDB+ (Using Babel)" post.

Let's assume your q home is /opt/q

$ mkdir babel
$ cd babel

Download babel.zip & unzip it

$ wget https://github.com/CharlesSkelton/babel/raw/master/dist/babel.zip

$ unzip babel.zip

You will see babel.jar & lib folder
$ ls -la
total 4664
drwxr-xr-x   5 balaji  staff      170 Jun 21 17:53 .
drwxr-xr-x@ 10 balaji  staff      340 Jun 21 17:52 ..
-rw-r--r--   1 balaji  staff    27713 Mar 24  2014 babel.jar
-rw-r--r--@  1 balaji  staff  2357704 Jun 21 17:52 babel.zip
drwxr-xr-x   8 balaji  staff      272 Jun 21 17:57 lib

Goto lib and download Amazon Redshift jdbc driver
$cd lib
$ wget https://s3.amazonaws.com/redshift-downloads/drivers/RedshiftJDBC42-
$ ls -la
total 9392
drwxr-xr-x  8 balaji  staff      272 Jun 21 17:57 .
drwxr-xr-x  5 balaji  staff      170 Jun 21 17:53 ..
-rw-r--r--@ 1 balaji  staff  2316196 Nov 17  2016 RedshiftJDBC42-
-rw-r--r--  1 balaji  staff    21986 Mar 24  2014 csvjdbc.jar
-rw-r--r--  1 balaji  staff   706710 Mar 24  2014 hsqldb.jar
-rw-r--r--  1 balaji  staff   463412 Mar 24  2014 janino.jar
-rw-r--r--  1 balaji  staff   703265 Mar 24  2014 mysql-connector-java-5.1.6-bin.jar

-rw-r--r--  1 balaji  staff   583286 Mar 24  2014 sqljdbc.jar

Here is the scary part. Including Redshift driver (lib/RedshiftJDBC42- into babel.jar
$ jar -xvf babel.jar
  created: META-INF/
  created: de/
  created: de/skelton/
  created: de/skelton/babel/
  created: de/skelton/util/
  created: kx/
 inflated: de/skelton/babel/Babel$1.class
 inflated: de/skelton/babel/Babel$2.class
 inflated: de/skelton/babel/Babel.class
 inflated: de/skelton/util/Logger.class
 inflated: de/skelton/util/SmartArray.class
 inflated: kx/c$Dict.class
 inflated: kx/c$Flip.class
 inflated: kx/c$IAuthenticate.class
 inflated: kx/c$KException.class
 inflated: kx/c$Minute.class
 inflated: kx/c$Month.class
 inflated: kx/c$Msg.class
 inflated: kx/c$Second.class
 inflated: kx/c$Timespan.class

 inflated: kx/c.class

add lib/RedshiftJDBC42-

Save and exit vi
Recompile the jar file and ignore the warnings

$ jar umf META-INF/MANIFEST.MF babel.jar
Jun 21, 2017 6:07:47 PM java.util.jar.Attributes read
WARNING: Duplicate name in Manifest: Manifest-Version.
Ensure that the manifest does not have duplicate entries, and
that blank lines separate individual sections in both your
manifest and in the META-INF/MANIFEST.MF entry in the jar file.
Jun 21, 2017 6:07:47 PM java.util.jar.Attributes read
WARNING: Duplicate name in Manifest: Ant-Version.
Ensure that the manifest does not have duplicate entries, and
that blank lines separate individual sections in both your
manifest and in the META-INF/MANIFEST.MF entry in the jar file.
Jun 21, 2017 6:07:47 PM java.util.jar.Attributes read
WARNING: Duplicate name in Manifest: Created-By.
Ensure that the manifest does not have duplicate entries, and
that blank lines separate individual sections in both your
manifest and in the META-INF/MANIFEST.MF entry in the jar file.
Jun 21, 2017 6:07:47 PM java.util.jar.Attributes read
WARNING: Duplicate name in Manifest: X-COMMENT.
Ensure that the manifest does not have duplicate entries, and
that blank lines separate individual sections in both your
manifest and in the META-INF/MANIFEST.MF entry in the jar file.
Jun 21, 2017 6:07:47 PM java.util.jar.Attributes read
WARNING: Duplicate name in Manifest: Main-Class.
Ensure that the manifest does not have duplicate entries, and
that blank lines separate individual sections in both your

manifest and in the META-INF/MANIFEST.MF entry in the jar file.
Cleanup de, kx directories if you want to

$rm -rf de kx META-INF

Now start the babel.jar and make it listen to any port you want
$ java -jar babel.jar 6868 com.amazon.redshift.jdbc42.Driver
Babel for kdb+ v1.34 2014.03.24
2017.06.21 18:11:16.437 Listening on localhost:6868 for connections...


Start the q in another terminal and fire the query..
Substitute the jdbc connection string with yours. You can get it from AWS Redshit cluster config page. Of course you should know your user id and password.

$ q
KDB+ 3.5 2017.06.15 Copyright (C) 1993-2017 Kx Systems
m32/ 4()core 16384MB balaji balaji-macbook.local NONEXPIRE  

Welcome to kdb+ 32bit edition
For support please see http://groups.google.com/d/forum/personal-kdbplus
Tutorials can be found at http://code.kx.com/wiki/Tutorials
To exit, type \\
To remove this startup msg, edit q.q
q)h:hopen 6868
q)h("query";"jdbc:redshift://redshift.xxxxxxxxxx.us-east-2.redshift.amazonaws.com:5439/dev?user=balaji&password=ThisIsNotSecreat";"select distinct(tablename) from pg_table_def where schemaname = 'public'")


Picture Credit: AWS Redshift documentation

All Credits goes to:
Bable reference: https://github.com/CharlesSkelton/babel
KX reference: http://code.kx.com/wiki/Babel
Redshift reference: http://docs.aws.amazon.com/redshift/latest/mgmt/configure-jdbc-connection.html#download-jdbc-driver

Monday, April 3, 2017

HTTPS Reverse Proxy settings for Apex applications using ORDS

If you are hosting your Apex apps with a cloud provider who is serving the apps on HTTPS (For example https://apex.oracle.com  WARNING: apex.oracle.com should only be used for evaluating Apex and should never be used for hosting production apps), and you want to access your apps using your domain like https://apex.mycompany.com then you need do little bit of extra to get it working on Apache.
Here is the configuration you need for that. Basically you need to turn off Cert verify and keep ProxyPreserveHost on

<VirtualHost *:443>
  ServerName apex.mycompany.com
  DocumentRoot /var/www/html
  # Configure your SSL Cert here
  # To enable SSL Proxy support
  SSLProxyEngine on
  ProxyPreserveHost On
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off  
  # Proxy URL Rewrite
  ProxyPass / https://apex.oracle.com/
  ProxyPassReverse / https://apex.oracle.com/

Wednesday, January 18, 2017

Installing Oracle ODBC driver on uBuntu 16.04 server

Note: Following steps are for ubuntu 16.04 server. Change the steps based on your Linux flavor

First start with unixodbc installation
$sudo apt-get install unixodbc
To conform the installation just type in isql from the shell and should work.

Install the alien utility (You need to install local .rpm packages)
$sudo apt-get install alien

Install libaio1 64 bit$sudo apt-get install libaio1

I have followed the steps from this post. But simplified it little bit.

You need to first download them from Oracle site.

Instant Client Home page:http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
Download page: http://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html (Linux 64 bit)

I went with the following packages

Instant Client Package - Basic
Instant Client Package - JDBC Supplement
nstant Client Package - SQL*Plus
Instant Client Package - ODBC

Download the above .rpm files locally on your machine and upload it to the Linux server or directly download it on your Linux server. wget won't work since it requires you to sign in to Oracle site.

Next install the rpm's using the alien utility.

sudo alien -i oracle-instantclient12.1-basic-
Install the other rpms in the same way

Setup the Oracle environment variables globally. You can do it in your user .profile as well.
Create a file "sudo vi /etc/profile.d/oracle.sh" with the following content.
export ORACLE_HOME=/usr/lib/oracle/12.1/client64
export LD_LIBRARY_PATH=/usr/lib/oracle/12.1/client64/lib/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}

logoff and login back and try sqlplus

user@ubuntu:~$ which sqlplus
user@ubuntu:~$ sqlplus
SQL*Plus: Release Production on Wed Jan 18 12:14:14 2017
Copyright (c) 1982, 2014, Oracle.  All rights reserved.
Enter user-name: 
If you get the above response, you are almost done. At this stage you can connect to your Oracle database using EZConnect string
$ sqlplus scott/tiger@myoracledb.example.com:1521/ORCL
SQL*Plus: Release Production on Wed Jan 18 12:17:00 2017
Copyright (c) 1982, 2014, Oracle.  All rights reserved.
Last Successful login time: Wed Jan 18 2017 02:22:27 -05:00
Connected to:
Oracle Database 12c Standard Edition Release - 64bit Production

Just finish it up by setting up sqlnet.ora and tnsnames.ora
Create /network/admin directory under $ORACLE_HOME (/usr/lib/oracle/12.1/client64) folder
Under the same create sqlnet.ora. Sample below

names.directory_path = (EZCONNECT, LDAP, TNSNAMES, HOSTNAME)
Create tnsnames.ora Sample content below
MY_ORACLE_DB= (description=   (address_list=     (address = (protocol = TCP)(host = myoracledb.example.com)(port = 1521))   ) (connect_data =   (service_name=ORCL) ))
Now you can connect using $sqlplus scott/tiger@MY_ORACLE_DB
You are done and enjoy.

Sunday, June 14, 2015

Configuring Oracle ORDS/Apex Listener with Oracle OID/LDAP/TNS/EZ Connect

I have been using ORDS since Apex Listener 1.0 beta, however didn't figure out how to connect it to an Oracle OID. I feel ORDS documentation should include sample configurations for each connection types. Till then here is your unofficial documentation.

Following is tested with Apex Listener However I believe will work with ORDS 3.0 as well.

#1: Connecting to Oracle OID

<entry key="db.connectionType">customurl</entry>
<entry key="db.customURL">
<entry key="db.password">@encrypted password</entry>

ORDS Configuration: https://docs.oracle.com/cd/E56351_01/doc.30/e56293/config_file.htm#AELIG7204
LDAP Syntax http://docs.oracle.com/cd/B28359_01/java.111/b31224/urls.htm#CHDBICFA
Use ldaps for SSL.
ldap.example.com:7777 => Is your ldap server name and port
ORCL  => Database Service name configured in OID. Replace it with the Database you want to connect
cn=OracleContext  => Keep it. I believe this is something defined at the OID level
dc=example,dc=com  => Thats your domain. If you have 3 parts in your domaninlike example.co.uk then use dc=example,dc=co,dc=uk 

#2: Connecting using TNS Names
You can do it in two ways. You can have a tnsnames.ora file with database connect strings defined in it. For that use the following (Note: connectionType=tns)
<entry key="db.connectionType">tns</entry>
<entry key="db.tnsDirectory">/home/oracle/admin/tnsnames.ora</entry>

<entry key="db.tnsAliasName">ORCL</entry>
<entry key="db.password">@encrypted password</entry>

Or you can specify the entire TNS Connect string using db.CustomURL like below (Note: connectionType=customurl)
<entry key="db.connectionType">customurl</entry>
<entry key="db.customURL">
<entry key="db.password">@Your_encrypted_password</entry>

#3: Default EZ Connect method
This is the default when you configure ords war using $java -jar ords.war
You don't need to specify db.connectionType here, which default to "basic"
<entry key="db.hostname">myhost</entry>
<entry key="db.password">@ Your_encrypted_password </entry>
<entry key="db.port">1521</entry>

<entry key="db.servicename">ORCL</entry>

Sunday, November 16, 2014

Java Performance Analyser

Occasionally I get "Out Of Memory" error in my Apache Tomcat and with out thinking too much I will just bounce the server to solve the problem. I was searching for the same in Google and it took me to a blog post http://opcodesolutions.com/tech/solve-java-lang-outofmemoryerror-java-heap-space/ in which I found an interesting tool Visual VM.
My goal is not to re-produce every detail about this tool, Name says it all.
I just downloaded it and got up and running in seconds. I have not yet started playing with the tool, but I believe this will solve some of my Java Memory issues.
You can go through the screen cast of this tool from this page.

Saturday, November 15, 2014

Connecting to Oracle from KDB+ (Using Babel)

I have recently started messing around KDB+ and playing with cryptic Q language.

I want to compare the performance of Oracle vs KDB+, and in order to do that I have to duplicate the Oracle table in KDB+. I tried through ODBC layer but didn't work. Then I found another elegant solution posted on the code.kx.com site using Babel.
"Babel for kdb+ is a SQL gateway process that allows kdb+ to query other vendors databases via jdbc."
Babel act as a broker between KDB+ and any database that can be connected through JDBC library. Meaning KDB knows how to talk to Babel and Babel knows how to talk to Databases through JDBC Layer. Now lets get into details.

Step 1:
Download Babel:  http://code.kx.com/wsvn/code/contrib/cskelton/babel/dist/babel.zip
and unzip it.

Step 2:
Download odbc7.jar from oracle and copy it to bin directory under Babel. Note: odbc7 is for JDK 1.7 and if your Java version (java -version) is 1.6 you should use odbc6.jar.

Step 3: Start the babel on port 6868

$ java -Xmx1024m -Doracle.jdbc.defaultRowPrefetch=10000 -cp "babel.jar:lib/ojdbc7.jar" de.skelton.babel.Babel 6868 oracle.jdbc.OracleDriver

Step 4:
Start q (I assume you already have working instance of q). If not you should first learn about q from http://code.kx.com

q)h:hopen 6868
q)r:h("query";"jdbc:oracle:thin:scott/tiger@your_oracle_server:1521:orcl";"select * from emp");

PS: You know Scott/Tiger is user id/ password and ORCL is the Oracle instance.

More References:

Thursday, October 23, 2014

Extracting Image meta data using Oracle ORDSYS.Image

Let's say you have a table "PICTURE" has a blob column "PIC_BLOB" which contains some image and you want to extract the meta data of the image, here is the query,

Don't ask me any more questions. I spilt my hair to get it working.

PS: If you are asking me why did I do it. Because Photos taken with iPhone are rotated randomly and learned that, rotation angle is stored in the meta data

select VALUE(xml_type).getstringval() 
FROM table(
    select ORDSYS.ORDImage.getMetadata(
                ordsys.ordimage(ordsys.ordsource( PIC_BLOB, null, null, null, null, 1),null, null, null, null, null, null, null)
      from PICTURE WHERE ID=1

Your Output will be something like this.

<ordImageAttributes xmlns="http://xmlns.oracle.com/ord/meta/ordimage" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/ord/meta/ordimage http://xmlns.oracle.com/ord/meta/ordimage"></ordImageAttributes>
<iptcMetadata xmlns="http://xmlns.oracle.com/ord/meta/iptc" xsi:schemaLocation="http://xmlns.oracle.com/ord/meta/iptc http://xmlns.oracle.com/ord/meta/iptc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>

<exifMetadata xmlns="http://xmlns.oracle.com/ord/meta/exif" xsi:schemaLocation="http://xmlns.oracle.com/ord/meta/exif http://xmlns.oracle.com/ord/meta/exif" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Orientation tag="274">top left</Orientation> -- This is what I am interested in
   <ExifIfd tag="34665">
      <ColorSpace tag="40961">sRGB</ColorSpace>
      <PixelXDimension tag="40962">3264</PixelXDimension>
      <PixelYDimension tag="40963">2448</PixelYDimension>

Tip:If you are just interested in Orientation tag then apply Regular Expression like this
               VALUE(xml_type).getStringval(),'<Orientation (.*)>(.*)</Orientation>',1,1,'i',2))